feat: enforce policy on operatorconfig · GoogleCloudPlatform/prometheus-engine@e700f5a (original) (raw)
`@@ -56,18 +56,32 @@ func createKindCluster(t *testing.T) client.Client {
`
56
56
` }
`
57
57
`t.Logf("%s\n", applyCRDsOutput)
`
58
58
``
``
59
`+
// Create Public namespace for OperatorConfig.
`
``
60
`+
applyPublicNamespaceOutput, err := exec.CommandContext(ctx, "kubectl", "--kubeconfig", kubeconfigPath, "create", "namespace", "gmp-public").CombinedOutput()
`
``
61
`+
if err != nil {
`
``
62
`+
t.Fatalf("%s\b%v", applyPublicNamespaceOutput, err)
`
``
63
`+
}
`
``
64
`+
t.Logf("%s\n", applyPublicNamespaceOutput)
`
``
65
+
``
66
`+
// Apply Validating Admission Policy.
`
``
67
`+
applyValidatingAdmissionOutput, err := exec.CommandContext(ctx, "kubectl", "--kubeconfig", kubeconfigPath, "apply", "-f", "../charts/operator/templates/validating-admission-policy.yaml").CombinedOutput()
`
``
68
`+
if err != nil {
`
``
69
`+
t.Fatalf("%s\b%v", applyValidatingAdmissionOutput, err)
`
``
70
`+
}
`
``
71
`+
t.Logf("%s\n", applyValidatingAdmissionOutput)
`
``
72
+
59
73
`// Wait for CRDs to be created - there seems to be race condition without this wait.
`
60
74
`if _, err := exec.CommandContext(ctx, "kubectl", "--kubeconfig", kubeconfigPath, "wait", "customresourcedefinition.apiextensions.k8s.io/clusternodemonitorings.monitoring.googleapis.com", "customresourcedefinition.apiextensions.k8s.io/clusterpodmonitorings.monitoring.googleapis.com", "customresourcedefinition.apiextensions.k8s.io/clusterrules.monitoring.googleapis.com", "customresourcedefinition.apiextensions.k8s.io/globalrules.monitoring.googleapis.com", "customresourcedefinition.apiextensions.k8s.io/operatorconfigs.monitoring.googleapis.com", "customresourcedefinition.apiextensions.k8s.io/podmonitorings.monitoring.googleapis.com", "customresourcedefinition.apiextensions.k8s.io/rules.monitoring.googleapis.com", "--for=create").CombinedOutput(); err != nil {
`
61
75
`t.Fatal(err)
`
62
76
` }
`
63
77
``
64
``
`-
// Load the test cluster kubeconfig
`
``
78
`+
// Load the test cluster kubeconfig.
`
65
79
`config, err := clientcmd.BuildConfigFromFlags("", kubeconfigPath)
`
66
80
`if err != nil {
`
67
81
`t.Fatalf("%v", err)
`
68
82
` }
`
69
83
``
70
``
`-
// Create a client for the test cluster
`
``
84
`+
// Create a client for the test cluster.
`
71
85
`c, err := newKubeClient(config)
`
72
86
`if err != nil {
`
73
87
`t.Error(err)
`
`@@ -215,6 +229,42 @@ func TestCRDValidation(t *testing.T) {
`
215
229
`run(t, tests)
`
216
230
` })
`
217
231
``
``
232
`+
t.Run("OperatorConfig", func(t *testing.T) {
`
``
233
`+
tests := map[string]test{
`
``
234
`+
"empty": {
`
``
235
`+
obj: &monitoringv1.OperatorConfig{},
`
``
236
`+
wantErr: true,
`
``
237
`+
},
`
``
238
`+
"invalid name": {
`
``
239
`+
obj: &monitoringv1.OperatorConfig{
`
``
240
`+
ObjectMeta: metav1.ObjectMeta{
`
``
241
`+
Name: "invalid-name",
`
``
242
`+
Namespace: "gmp-public",
`
``
243
`+
},
`
``
244
`+
},
`
``
245
`+
wantErr: true,
`
``
246
`+
},
`
``
247
`+
"invalid namespace": {
`
``
248
`+
obj: &monitoringv1.OperatorConfig{
`
``
249
`+
ObjectMeta: metav1.ObjectMeta{
`
``
250
`+
Name: "config",
`
``
251
`+
Namespace: "invalid-namespace",
`
``
252
`+
},
`
``
253
`+
},
`
``
254
`+
wantErr: true,
`
``
255
`+
},
`
``
256
`+
"minimal": {
`
``
257
`+
obj: &monitoringv1.OperatorConfig{
`
``
258
`+
ObjectMeta: metav1.ObjectMeta{
`
``
259
`+
Name: "config",
`
``
260
`+
Namespace: "gmp-public",
`
``
261
`+
},
`
``
262
`+
},
`
``
263
`+
},
`
``
264
`+
}
`
``
265
`+
run(t, tests)
`
``
266
`+
})
`
``
267
+
218
268
`t.Run("PodMonitoring", func(t *testing.T) {
`
219
269
`tests := map[string]test{
`
220
270
`"empty": {
`